Today I will discuss how cookies can be stolen on a LAN or WiFi network using a technique called sidejacking. When you log in to a website by submitting your username and password, the server first checks whether an account matching that information exists and, if so, replies with an "authentication cookie". Your browser stores this cookie and sends it with every subsequent request, which is what keeps you logged in.
It is very common for websites to protect your account by encrypting the login process, but it is very uncommon for them to encrypt everything else after you log in (e.g. the cookies). This leaves the cookie, and therefore the user, vulnerable. On an open wireless network such as public WiFi, cookies are basically shouted through the air, making this type of attack extremely easy, yet very popular websites continue to fail at protecting their users.

The sidejacking attack involves two major steps:
#1. Capturing packets (the session cookie).
#2. Using the captured session cookie.

Easiest way to sidejack:
The method above is cumbersome, of course, and takes more time. To simplify the task, Eric Butler, a software engineer, introduced a Firefox extension called Firesheep. The extension was created as a demonstration of the security risk to users of websites that encrypt only the login process and not the cookie(s) created during it. It uses a packet sniffer to intercept unencrypted cookies from certain websites as they are transmitted over the network. When you are on public WiFi or a LAN, Firesheep can automatically capture all the available session cookies for those websites and report them to you. It shows the discovered identities in a sidebar displayed in the browser and lets the user take on the victim's logged-in session with a double-click on the victim's name.
Firesheep has made it easy for public WiFi users to be attacked by session hijackers. Websites like Facebook, Twitter, and any other site the user adds to their preferences allow the Firesheep user to easily access private information from cookies.

How do I protect myself from a sidejacking attack?
#1. It is very easy to protect yourself against this sort of attack. Both Facebook and Twitter support HTTPS, so when you browse Facebook (or Twitter, for that matter) on public WiFi or a LAN, make sure you are using https:// rather than http:// in the URL. Facebook: Account Settings >> Account Security >> check "Secure Browsing (https)" >> Save.
#2. Firefox users can use a plugin called HTTPS Finder. HTTPS Finder automatically detects and alerts you when SSL is available on a web page. It also provides one-click rule creation for HTTPS Everywhere.
#3. When you are on public WiFi, avoid logging in to websites that do not support https://. Don't use sites that revert back to HTTP after login.
#4. Always log off websites when you are done. If the victim logs out of a website, the attacker's session becomes invalid, so it is good practice to actually log out and log back in again rather than using the "remember me" check-box.
#5. Avoid using unencrypted WiFi. Encrypting everything over WiFi is an excellent idea. Although not many hot-spots offer encrypted WiFi, using it can greatly reduce the risk of being hacked.
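The points above are written for the user, but the root cause of sidejacking is server-side: a session cookie issued without the Secure attribute is attached by the browser to any plain http:// request for that domain, and without Strict-Transport-Security the browser can be steered back to HTTP after login (the "revert back to HTTP" case in #3). The following script is an added example, not code from the original article or from Firesheep; it audits a block of HTTP response headers for exactly those two properties. The response texts, cookie names and the session-name heuristic are constructed for illustration.

```python
"""Audit HTTP response headers for cookies exposed to sidejacking.

Added example (not from the original article). It checks the two
server-side properties that decide whether a session cookie can ever
travel over plaintext HTTP: the cookie's Secure attribute, and an
enabled Strict-Transport-Security header that keeps the browser on HTTPS.
"""
from dataclasses import dataclass, field

# Substrings that usually mark a session/auth cookie. This is a heuristic
# assumed for the example; extend it for the application being audited.
SESSION_NAME_HINTS = ("sess", "sid", "auth", "token", "login")


@dataclass
class CookieFinding:
    name: str
    secure: bool
    httponly: bool
    looks_like_session: bool

    @property
    def sidejackable(self) -> bool:
        # Without Secure the browser sends the cookie on any http:// request
        # for the domain, so one plaintext request leaks the session.
        return self.looks_like_session and not self.secure


@dataclass
class AuditResult:
    hsts: bool
    cookies: list = field(default_factory=list)

    @property
    def weak_cookies(self) -> list:
        """Names of session-like cookies that lack the Secure attribute."""
        return [c.name for c in self.cookies if c.sidejackable]


def parse_set_cookie(value: str) -> CookieFinding:
    """Parse one Set-Cookie header value into a finding."""
    parts = [p.strip() for p in value.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    attrs = {p.split("=", 1)[0].strip().lower() for p in parts[1:]}
    lname = name.lower()
    return CookieFinding(
        name=name,
        secure="secure" in attrs,
        httponly="httponly" in attrs,
        looks_like_session=any(h in lname for h in SESSION_NAME_HINTS),
    )


def hsts_enabled(value: str) -> bool:
    """True if the Strict-Transport-Security value has a positive max-age."""
    for directive in value.split(";"):
        d = directive.strip().lower()
        if d.startswith("max-age="):
            try:
                return int(d.split("=", 1)[1]) > 0
            except ValueError:
                return False
    return False  # max-age is mandatory; a header without it is ignored


def audit_headers(raw_headers: str) -> AuditResult:
    """Audit response headers given as text, one 'Name: value' per line."""
    result = AuditResult(hsts=False)
    for line in raw_headers.splitlines():
        if ":" not in line:
            continue  # status line or blank line
        name, value = line.split(":", 1)
        key = name.strip().lower()
        if key == "set-cookie":
            result.cookies.append(parse_set_cookie(value.strip()))
        elif key == "strict-transport-security":
            result.hsts = hsts_enabled(value)
    return result


# Constructed sample: a login response from a site that encrypts the login
# but lets the session cookie be sent over plain HTTP afterwards.
WEAK_LOGIN_RESPONSE = """HTTP/1.1 200 OK
Content-Type: text/html
Set-Cookie: sessionid=abc123; Path=/; HttpOnly
Set-Cookie: lang=en; Path=/
"""

# Constructed sample: the hardened version of the same response.
HARDENED_LOGIN_RESPONSE = """HTTP/1.1 200 OK
Content-Type: text/html
Strict-Transport-Security: max-age=31536000; includeSubDomains
Set-Cookie: sessionid=abc123; Path=/; Secure; HttpOnly; SameSite=Lax
Set-Cookie: lang=en; Path=/; Secure
"""


def report(raw_headers: str) -> str:
    """Human-readable summary for one response."""
    r = audit_headers(raw_headers)
    lines = [f"HSTS enabled: {r.hsts}"]
    for c in r.cookies:
        flag = "EXPOSED" if c.sidejackable else "ok"
        lines.append(f"  {c.name}: Secure={c.secure} HttpOnly={c.httponly} -> {flag}")
    return "\n".join(lines)


if __name__ == "__main__":
    print("Weak response:\n" + report(WEAK_LOGIN_RESPONSE))
    print("Hardened response:\n" + report(HARDENED_LOGIN_RESPONSE))
```

Run as a script it prints the weak response with `sessionid` marked EXPOSED and no HSTS, and the hardened one with every cookie marked ok. In practice you would feed it the headers captured from your own login endpoint (for example from your browser's network panel) to confirm that the fix in #1 actually holds for every cookie the site sets, not just the one you noticed.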